feat(report): support Amazon OVAL scanning (#824)

* feat(report): support Amazon OVAL scanning

* add distroAdvisories

* see goval/master

oval/redhat.go

@@ -133,6 +133,9 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 			vinfo.CveContents = cveContents
 		}
 
+		vinfo.DistroAdvisories.AppendIfMissing(
+			o.convertToDistroAdvisory(&defPacks.def))
+
 		// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
 		for _, pack := range vinfo.AffectedPackages {
 			if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok {
@@ -148,6 +151,21 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 	return
 }
 
+func (o RedHatBase) convertToDistroAdvisory(def *ovalmodels.Definition) *models.DistroAdvisory {
+	advisoryID := def.Title
+	if o.family == config.RedHat || o.family == config.CentOS {
+		ss := strings.Fields(def.Title)
+		advisoryID = strings.TrimSuffix(ss[0], ":")
+	}
+	return &models.DistroAdvisory{
+		AdvisoryID:  advisoryID,
+		Severity:    def.Advisory.Severity,
+		Issued:      def.Advisory.Issued,
+		Updated:     def.Advisory.Updated,
+		Description: def.Description,
+	}
+}
+
 func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
 	for _, cve := range def.Advisory.Cves {
 		if cve.CveID != cveID {
@@ -171,10 +189,10 @@ func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *mo
 		}
 
 		sev2, sev3 := "", ""
-		if score2 != 0 {
+		if score2 == 0 {
 			sev2 = severity
 		}
-		if score3 != 0 {
+		if score3 == 0 {
 			sev3 = severity
 		}
 
@@ -276,3 +294,20 @@ func NewOracle() Oracle {
 		},
 	}
 }
+
+// Amazon is the interface for RedhatBase OVAL
+type Amazon struct {
+	// Base
+	RedHatBase
+}
+
+// NewAmazon creates OVAL client for Amazon Linux
+func NewAmazon() Amazon {
+	return Amazon{
+		RedHatBase{
+			Base{
+				family: config.Amazon,
+			},
+		},
+	}
+}